Sign-up

ID

VAR-200212-0150


CVE

CVE-2002-2206


TITLE

Norton Antivirus 2001 Poproxy Username Local Denial of Service Vulnerability

Trust: 0.9

sources: BID: 5692 // CNNVD: CNNVD-200212-171

DESCRIPTION

The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows local users to cause a denial of service (CPU consumption and crash) via a long username with multiple /localhost entries. Norton Antivirus 2001 uses a POP3 proxy to scan incoming email for viruses. This proxy will modify the email client's POP3 username to be "user/POP3Server". The email client itself will connect to the local POP3 proxy created by Norton Antivirus

Trust: 1.26

sources: NVD: CVE-2002-2206 // BID: 5692 // VULHUB: VHN-6589

AFFECTED PRODUCTS

vendor:symantecmodel:norton antivirusscope:eqversion:2001

Trust: 1.6

vendor:symantecmodel:norton antivirusscope:eqversion:20010

Trust: 0.3

vendor:symantecmodel:norton antivirus corporate editionscope:neversion:7.51

Trust: 0.3

vendor:symantecmodel:norton antivirus corporate editionscope:neversion:7.6

Trust: 0.3

vendor:symantecmodel:norton antivirus corporate editionscope:neversion:7.5

Trust: 0.3

vendor:symantecmodel:norton antivirusscope:neversion:20020

Trust: 0.3

sources: BID: 5692 // CNNVD: CNNVD-200212-171 // NVD: CVE-2002-2206

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-2206
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200212-171
value: HIGH

Trust: 0.6

VULHUB: VHN-6589
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2002-2206
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-6589
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-6589 // CNNVD: CNNVD-200212-171 // NVD: CVE-2002-2206

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-2206

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-171

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200212-171

EXTERNAL IDS

db:BIDid:5692

Trust: 2.0

db:NVDid:CVE-2002-2206

Trust: 1.7

db:CNNVDid:CNNVD-200212-171

Trust: 0.7

db:NSFOCUSid:3537

Trust: 0.6

db:XFid:10085

Trust: 0.6

db:BUGTRAQid:20020919 HTTP://ONLINE.SECURITYFOCUS.COM/ARCHIVE/1/291358/2002-09-08/2002-09-14/0, SUBJ: NORTON AINTIVIRUS 2001 POPROXY DOS

Trust: 0.6

db:VULHUBid:VHN-6589

Trust: 0.1

sources: VULHUB: VHN-6589 // BID: 5692 // CNNVD: CNNVD-200212-171 // NVD: CVE-2002-2206

REFERENCES

url:http://www.securityfocus.com/bid/5692

Trust: 2.7

url:http://archives.neohapsis.com/archives/bugtraq/2002-09/0240.html

Trust: 2.7

url:http://www.iss.net/security_center/static/10085.php

Trust: 2.7

url:http://www.securityfocus.com/archive/1/291358

Trust: 2.1

url:http://www.nsfocus.net/vulndb/3537

Trust: 0.6

sources: VULHUB: VHN-6589 // CNNVD: CNNVD-200212-171 // NVD: CVE-2002-2206

CREDITS

Berend-Jan Wever※ skylined@edup.tudelft.nl

Trust: 0.6

sources: CNNVD: CNNVD-200212-171

SOURCES

db:VULHUBid:VHN-6589
db:BIDid:5692
db:CNNVDid:CNNVD-200212-171
db:NVDid:CVE-2002-2206

LAST UPDATE DATE

2024-11-22T22:48:48.982000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-6589date:2008-09-05T00:00:00
db:BIDid:5692date:2002-09-11T00:00:00
db:CNNVDid:CNNVD-200212-171date:2006-05-01T00:00:00
db:NVDid:CVE-2002-2206date:2024-11-20T23:43:07.770

SOURCES RELEASE DATE

db:VULHUBid:VHN-6589date:2002-12-31T00:00:00
db:BIDid:5692date:2002-09-11T00:00:00
db:CNNVDid:CNNVD-200212-171date:2002-09-11T00:00:00
db:NVDid:CVE-2002-2206date:2002-12-31T05:00:00